Vulnerability

    Internet Explorer & Outlook Express

Affected

    MacOS with IE 4.5 and OE 5

Description

    Following is based on Microsoft Security Bulletin.  There are  two
    issues  here.   The  first  is  a  security vulnerability found in
    Outlook Express 5 for Macintosh.  By design, when an HTML mail  is
    received, the mail content  is downloaded onto the  user's machine
    and processed.   However, attachments  to the  mail should  not be
    downloaded unless the user requests it.  A flaw in Outlook Express
    5  for  Macintosh  causes  it  to  download all content, including
    attachments.   The  vulnerability  does  not  provide  a way for a
    malicious user to launch the downloaded attachments.

    The second  issue involves  several digital  certificates that are
    included  in   Internet  Explorer   4.5  for   Macintosh.    These
    certificates are due  to expire on  December 31, 1999.   The patch
    provides updated certificates, and  also adds support for  X509 V3
    certificates.  There is no security vulnerability associated  with
    this  issue;  Microsoft  is   simply  providing  the   replacement
    certificates and X.509 V3 support as a community service.

    It is important to note  that both the security vulnerability  and
    the certificate expiration issue  affect only Outlook Express  and
    Internet Explorer on the Macintosh; the Windows versions of  these
    products are not affected.

Solution

    Patch availability:

        http://www.microsoft.com/mac/download